Google's Project Zero finds 18 zero-day vulnerabilities in Exynos modems, affecting some Samsung, Vivo, and Google phones as well as wearables and vehicles
Maria Deutscher / SiliconANGLE : Google discovers 18 vulnerabilities in multiple Samsung chips
Pierluigi Paganini / Security Affairs : Baseband RCE flaws in Samsung's Exynos chipsets expose devices to remote hack
Julia Musto / Fox News : Google issues warning about remotely exploitable flaws in Android phones
Peter Hunt Szpytek / Digital Trends : You may want to think twice about buying a Samsung or Pixel phone
Usman Qureshi / iPhone in Canada Blog : Google Sounds Alarms on Security Flaws in Androids with Samsung Chips
Rahul Srinivas / SlashGear : Major Security Flaw Discovered By Google In Samsung Modems - Check If Your Phone Is Affected
Vishnu Sarangapurkar / Android Central : Your Galaxy phone may be at risk due to Exynos modem vulnerabilities
Anam Hamid / PhoneArena : Samsung is taking forever to fix lethal Exynos bug affecting Galaxy S22 and Pixel 6
Anthony Spadafora / Tom's Guide : Critical zero-day flaws put Samsung phones at risk — is yours vulnerable?
Mihai Matei / SamMobile : Ways to stay safe until Samsung patches Exynos security flaws
Jay Bonggolto / Android Police : Insecure Exynos modems put dozens of Samsung devices, and other Android phones, at risk
Tim / Droid Life : Multiple Vulnerabilities Found in Samsung Exynos Modems, Pixel Phones Greatly Affected
Rowknee Shaw / Sam Lover : Samsung patches security vulnerability in Exynos-based Galaxy devices
Jonathan Lamont / MobileSyrup : Samsung, Pixel devices vulnerable to exploits that expose calls and texts
Alessandro Mascellino / Infosecurity : Google Exposes 18 Zero-Day Flaws in Samsung Exynos Chips
Tyler Lee / Phandroid : Multiple vulnerabilities discovered in Samsung's Exynos modems
Joe Warminsky / The Record : Samsung's Exynos chips cited for potentially hackable flaws
TechRadar : Several zero day vulnerabilities are plaguing Android devices with Samsung chips, warns Google
John Callaham / Neowin : Google found 18 zero-day issues with Samsung's Exynos modems that could affect many phones
Aaron Leong / HotHardware : Google Project Zero Issues Startling Security Warning To Pixel And Samsung Galaxy Owners
Laurent Giret / Thurrott : Google Discovers Samsung Modem Vulnerabilities on Pixel 6 and 7, Galaxy S22, and More
Tom Spring / SC Media : 18 zero-day flaws impact Samsung Android handsets, wearables and telematics
Kevin Raposo / KnowTechie : A major new Android bug lets hackers take over your devices
Chris Smith / BGR : Turn off 2 Pixel and Samsung Galaxy settings to prevent hackers from owning your phone
Rob Thubron / TechSpot : Google advises Android users to take action after finding 18 zero-day vulnerabilities in popular phones
Ragini / SamNews 24 : Samsung Exynos modems were found to have a vulnerability, here's what company replied
TechCircle : Google Project Zero team finds critical security flaw in Samsung modems
The Hacker News : Google Uncovers 18 Severe Security Vulnerabilities in Samsung Exynos Chips
Martin Brinkmann / gHacks Technology News : Google: turn off Wi-Fi Calling and VoLTE in Pixel/Samsung devices affected by major security issues
Fouquin / TechPowerUp : Google's Project Zero Discovers 18 Zero-Day Vulnerabilities in Exynos Chipsets
Priya Singh / Techlusive : Google warns users against 18 bugs in mass-level Android phones
Richard Chirgwin / iTnews : Samsung “internet-to-baseband” bug can be attacked over the phone
Matt Milano / WebProNews : PSA: Disable Wi-Fi Calling, VoLTE on Pixel & Samsung Phones IMMEDIATELY
David Lumb / CNET : Google Warns Samsung and Pixel Phone Owners About 18 Dire Exploits
Sergiu Gatlan / BleepingComputer : Google finds 18 baseband zero-day bugs in Samsung Exynos chipsets

LinkedIn:
Hans Kramer : So happy I traded my new Samsung phone in for an iPhone. — I don't want OneDrive or other bogus “essential” apps like the Disney app. …
Aaron B. : “My Samsung phone or device is totally safe” said no one. This is an insane vulnerability. — Please disable Wi-Fi calling!
Todd Wade : This is nasty. 18 zero-day vulnerabilities have been found Samsung's Exynos chipsets used in mobile devices, wearables, and cars. …
Niel Harper : Android phones can be hacked just by someone knowing your phone number — “Google has issued a warning that some Android phones can be hacked remotely …
Ardit Beu : Beware of new Exynos chipset vulnerabilities! — Not all -days are disclosed yet, but this is affecting different kinds of chipset infrastructures starting …
Liviu Băltoi : Huge impact to Android users! Attackers only need the mobile number. — Attention, Android users! …
Alexander Busse : 🚨Attention Samsung and Google mobile device users! 📱🌐 Google Project Zero has just discovered multiple zero-day Internet …
Eghbal Ghazizadeh : While managed device management (MDM) can provide some level of security, it is not foolproof, and organisations must still take proactive measures to protect their data. …
Cameron Baker : What would you say if I posted another Urgent notice. These #zerodayvulnerability issues are becoming banal. #Google employs a bug hunting team called Project Zero. …
Joe Kattner : In late 2022 and early 2023, (Google) Project Zero reported eighteen 0-day vulnerabilities in Exynos Modems produced by Samsung Semiconductor. …
Jamey Kistner : Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems — In late 2022 and early 2023 …
Davey Winder : New by me at Forbes: The security research supremos over at Project Zero have uncovered no less than 18 zero-days impacting the Samsung Exynos modem chipset. …
Gianluca Varisco : In late 2022 and early 2023, Google's Project Zero reported eighteen 0-day vulnerabilities in Exynos Modems produced by Samsung Semiconductor. …

Mastodon:
Zack Whittaker / @zackwhittaker@mastodon.social : New, by me: Google's Project Zero is sounding the alarm over four zero-day flaws in Samsung chips, affecting dozens of Android models. — Google says the flaws can be “silently and remotely” exploited over the cell network. …
@Norobiik@noc.social : In a blog post, Google's #ProjectZero head #TimWillis said the in-house security researchers found and reported 18 #ZeroDay vulnerabilities in #Exynos modems produced by #Samsung over the past few months …

Tweets:
@securityweek : Critical flaws expose Samsung's Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs the victim's phone number. @ryanaraine reports: - https://www.securityweek.com/ ...
Chris Wysopal / @weldpond : RCE from a mobile# on many Samsung devices. Until patches are available users can thwart baseband RCE exploitation attempts targeting Samsungs Exynos chipsets in their device by disabling Wi-Fi calling and Voice-over-LTE (VoLTE) to remove the attack vector https://www.bleepingcomputer.com/ ...
Tim Willis / @itswillis : What happens when you get @natashenka, @ifsecure, @_fel1x, @i41nbeer and @tehjh working collaboratively on a new attack surface for the team? This: https://googleprojectzero.blogspot.com/ ... The blogpost also includes actions that users can take to protect themselves while waiting for patches.
Lukasz Olejnik / @lukolejnik : Only a phone number needed to exploit a vulnerability in Samsung Exynos chipset (baseband modem) vulnerability, affects Samsung devices, and Google Pixel. Disable wifi calls and Voice-over-LTE. https://googleprojectzero.blogspot.com/ ...
Debayan Roy / @gadgetsdata : Google project Zero security team has found 18 active vulnerabilities because of 🔴Exynos Modem on these 12 phones: Galaxy M33, A53, A33, A21, A13, A12, M12, M13, A04 series Pixel 6A ,6,6 Pro Hackers can access your📱using your phone no. A security patch can fix these issues! https://twitter.com/...
Warren Togami / @wtogami : Writing other commentary here instead of distracting from the important post. * It seems curious that Google seems totally uncoordinated on this. Their corporate comms are dead silent on why the patch isn't out except for a customer service agent apology screenshot. The Project... https://twitter.com/...
Xia / @xiatian : Exploitable baseband-level RCE in Google Pixel 6/7 series and a whole lot of Samsung phones, disable VoLTE and Wi-Fi Calling until patched: https://9to5google.com/...
Artem Russakovskii / @artemr : Google Project Zero discovered vulnerabilities affecting Android phones with Samsung's Exynos chips that result in remote and silent full pwnage with nothing but a phone number. https://googleprojectzero.blogspot.com/ ... Here are the affected phones. Pixels have been patched already (March OTA). https://twitter.com/...
Ryan Naraine / @ryanaraine : Pretty significant Project Zero findings 🩹 18 zero-days in Samsung Exynos chipsets, some nasty enough to cause “Internet-to-baseband remote code execution” with no user interaction. Attacker only needs victim's phone number 👩 Quick story: https://www.securityweek.com/ ...
John Scott-Railton / @jsrailton : 2/ Baseband vulnerabilities = freaky. Baseband = the “other OS” on your phone handling calling & cellular network etc. Think of it as below the waterline of Android / iOS & what users can see. They are hard to find & defend against. Great to see Project Zero helping to fix.
Jorge Orchilles / @jorgeorchilles : Well this isn't good... 18 0day vulnerabilities in Exynos Modems produced by Samsung Semiconductor (that means a lot of Samsung phones)... 4 allow Internet-to-baseband RCE... “we believe that skilled attackers would be able to quickly create an https://googleprojectzero.blogspot.com/ ...... https://twitter.com/...
@alesandroortizr : 🚨Breaking my Twitter silence for this: 🚨Internet-exploitable RCE affecting Samsung devices + other devices with Exynos chipsets. Mitigations available. Check if your device is affected and apply mitigations: https://googleprojectzero.blogspot.com/ ... https://techcrunch.com/... https://twitter.com/...
Max Weinbach / @maxwinebach : RIP Exynos modems Pixel 6 and 7 patched with Match update fwiw. Samsung hasn't patched anything on their devices yet. https://twitter.com/...
@lorenzofb : NEW: Google's Project Zero has found a lot of high severity vulnerabilities in certain Samsung chips included in dozens of Android models. Samsung has had more than 90 days to patch, but hasn't done it yet, according to Google's @maddiestone. https://techcrunch.com/...
Ryan Naraine / @ryanaraine : p0 barebones advisory: “Due to a very rare combination of level of access these vulns provide and the speed with which we believe a reliable operational exploit could be crafted, we've made a policy exception to delay disclosure [on 4 nastiest bugs]” https://googleprojectzero.blogspot.com/ ...
Husson Pierre-Hugues / @phhusson : Security flaws in VoLTE. Who would have guessed? A year ago I started a FLOSS unprivileged userspace VoLTE implementation. If you want to join that effort ping me. Currently in Kotlin, but could be rewritten in rust which would help GNU environments. https://googleprojectzero.blogspot.com/ ...
John Scott-Railton / @jsrailton : WHOA: own a recent Samsung or Vivo phone? @Google's Project Zero found serious baseband vulnerabilities. While awaiting fixes, disable Wi-Fi calling & VoLTE. + do your updates! 1/ By @natashenka @ifsecure @_fel1x @i41nbeer & @tehjh https://googleprojectzero.blogspot.com/ ... https://twitter.com/...